⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Ravie LakshmananMay 18, 2026Cybersecurity / Hacking Monday opens with a trust problem. A mail server flaw is under active use....
Hacking
Category Added in a WPeMatico Campaign
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business...
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the...
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ravie LakshmananMay 18, 2026Vulnerability / Software Security Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities...
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Ravie LakshmananMay 18, 2026Zero Day / Vulnerability Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and...
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one...
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come...
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an "unauthorized party" obtained a token that granted them...
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
Ravie LakshmananMay 16, 2026Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come...
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor...
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that...
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
The Hacker NewsMay 15, 2026Endpoint Security / Threat Detection In Your Biggest Security Risk Isn't Malware — It's What You...
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Ravie LakshmananMay 15, 2026Microsoft / Vulnerability Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
Ravie LakshmananMay 15, 2026Vulnerability / Credential Theft The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed...
